Nespresso smart cards hacked to provide infinite coffee after someone wasn’t too perky about security

From theregister.com

Perth bus. Image Nim https://commons.wikimedia.org/wiki/User:EurovisionNim

Some commercial Nespresso machines in Europe that incorporate a smart card payment system can be manipulated to add unlimited funds to purchase coffee, thanks to reliance on technology that’s been known to be insecure for more than a decade.

In a coordinated vulnerability disclosure published this week, Polle Vanhoof, a security researcher, describes a vulnerability affecting unspecified Nespresso Pro machines equipped with a smart card reader: the problem? Some rely on outdated Mifare Classic smart cards.

Read more…